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DETAILED ACTION 
Continued Examination Under 37 CFR 1.114 
A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1. 17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1 .17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.1 14. Applicant's submission filed on 1/27/2006 has been entered. 

Response to Amendment 
Claim 2 has been cancelled. Applicant's arguments/amendments with respect to 
amended claims 1, 3, 5, 11, & 15 and previously presented claims 4, 6-10, 12-14, & 16-20 filed 
1/27/2006 have been fully considered and therefore the claims are rejected under new grounds. 

Claim Rejections - 35 USC §103 

I. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. -Patentability shall not be negatived by the 
manner in which the invention was made. 

II. Claims 1 and 3-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Burn, 
United States Pub. No. 2003/0005291 and further in view of Carlsson et al., US Patent No. 
6,490,367. 

As per claim 1 : 
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Burn substantially teaches a token issuance and binding process comprising: providing a 
plurality of tokens, each token having a unique ID number stored therein (par. 6, lines 1-7 and 
par. 37, lines 1-3); generating a unique public/private key pair for each token (par. 36, lines 8- 
15); storing each token ID number and corresponding public key in a directory/database (par. 36, 
lines 16-19); storing each private key in its respective token (par. 36-37 and table 1, field name 
"User Certificate"); and binding a unique ID number of a user to a corresponding one of the 
plurality of tokens by storing said correspondence there between in the directory/database (par. 
36-37 and fig. 5, element 140). 

Not explicitly disclosed is reviewing, by a Tokenizing Officer, credentials of the user and 
forwarding the user ID number and the token ID number to a CMS (Certificate Management 
System) along with an E-form (electronic form) request and signature of the Tokenizing Officer, 
wherein the Tokenizing Officer comprises a person. However, Carlsson et al. teach reviewing, 
by a Tokenizing Officer, credentials of the user and forwarding the user ID number and the token 
ID number to a CMS (Certificate Management System) along with an E-form (electronic form) 
request and signature of the Tokenizing Officer, wherein the Tokenizing Officer comprises a 
person (col. 8, lines 12-51). Therefore, it would have been obvious to a person in the art at the 
time the invention was made to modify the method disclosed in Burn to add a Tokenizing 
Officer, who is a person, to review credentials of a user and to forward the user information to a 
CMS along with an electronic request form and Tokenizing Officer's signature. This 
modification would have been obvious because a person having ordinary skill in the art, at the 
time the invention was made, would have been motivated to do so since Carlsson et al. suggest 
that having a person as the Tokenizing Officer is easy to administer and adds to security because 
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the credentials are checked by someone who is acquainted with the users so it is harder to forge 
an identity in the binding process in col. 8, lines 20-27. 
As per claim 3 

Burn and Carlsson et al. substantially teach the process as applied to claim 1 above. Not 
explicitly disclosed is the binding further comprising the CMS checking for redundant user 
tokens and revoking any such user tokens. However, Carlsson et al. teach revoking tokens of 
individuals when their role has changed in order to do away with redundant certificates, i.e. so 
that one user does not have two valid certificates with different roles especially when one of the 
roles has been revoked. Therefore, it would have been obvious to a person in the art at the time 
the invention was made to modify the method disclosed in Burn to incorporate the ability to 
check and revoke any such tokens that are not distinct. This modification would have been 
obvious because a person having ordinary skill in the art, at the time the invention was made, 
would have been motivated to do so since Carlsson et al. teach that it is important that 
certificates that are invalid are revoked in order to prevent from users gaining access to various 
objects that they are no longer authorized for in col. 9, lines 14-20. 
As per claim 4: 

Burn and Carlsson et al. substantially teaches the process as applied to claim 3 above. 
Furthermore, Carlsson et al. teach the binding further comprising the CMS filling in the E-form 
from its directory/database and forwarding the filled in E-form to the Tokenizing Officer (col. 8, 
lines 28-37). 
As per claim 5: 

Burn and Carlsson et al. substantially teaches the process as applied to claim 4 above. 
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Furthermore, Carlsson et al teach the binding further comprising the Tokenizing Officer 
reviewing data in filled in E-form and comparing against user credentials and returning same to 
CMS after signing (col. 8, lines 12-27). 
As per claim 6: 

Burn and Carlsson et al. substantially teach the process as applied to claim 5 above. 
Furthermore, Burn teaches generating and wrapping at least a signature certificate/private and 
associated private key for the user in the unique public key of the token and returning same to the 
Tokenizing Officer (par. 44, lines 1-13). Not explicitly disclosed is the binding further 
comprising the CMS validating the Tokenizing Officer's signature. However, Burn teaches that 
when the CA receives a message from the HTP it must be decrypted, hence verified. Therefore, 
it would have been obvious to a person in the art at the time the invention was made to modify 
the method disclosed in Burn to incorporate the ability to validate the HTP's signature. This 
modification would have been obvious because a person having ordinary skill in the art, at the 
time the invention was made, would have been motivated to do so since Burn suggests that 
validating the Tokenizing Officer's signature is important to ensure that a valid Tokenizing 
Officer is supplying the user information in par. 44, lines 1-5. 
As per claim 7: 

Burn and Carlsson et al. substantially teach the process as applied to claim 6 above. 
Furthermore, Burn teaches the binding further comprising the Tokenizing Officer storing the 
signature certificate/private key for the user in the token (par. 44, lines 14-21). 
As per claim 8: 

Burn and Carlsson et al. substantially teach the process as applied to claim 7 above. Not 
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explicitly disclosed is the binding further comprising the user unwrapping the signature 
certificate/private key using the token private key stored in the token. However, Burn teaches 
the HTP unwrapping the signature certificate/private key stored in the token. Therefore, it would 
have been obvious to a person in the art at the time the invention was made to modify the method 
disclosed in Burn to instead have the user unwrap the information in the token. This 
modification would have been obvious because a person having ordinary skill in the art, at the 
time the invention was made, would have been motivated to do so since Burn suggests that in 
order to use the certificate it must be able to be decrypted by the private key stored in the token, 
which is stored therein to ensure that the private key is kept confidential and will not be 
compromised in par. 44, lines 14-21. 
As per claim 9: 

Burn and Carlsson et al. substantially teach the process as applied to claim 1 above. Not 
explicitly disclosed by Burn is the process wherein providing a plurality of tokens comprises 
providing a plurality of USB (Universal Serial Bus) tokens. However, Burn teaches the use of a 
hardware token that could be implemented in various ways. Therefore, it would have been 
obvious to a person in the art at the time the invention was made to modify the method disclosed 
in Burn to have the hardware tokens comprise of USB tokens. This modification would have 
been obvious because a person having ordinary skill in the art, at the time the invention was 
made, would have been motivated to do so since Burn suggest that any type of hardware token 
can be used in par. 46. 
As per claim 10: 

Burn teaches the process as applied to claim 1 above. Not explicitly disclosed by Burn is 
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the process wherein providing a plurality of tokens comprises providing a plurality of smart 
cards. However, Burn teaches that a smartcard could be used in an alternate embodiment. 
Therefore, it would have been obvious to a person in the art at the time the invention was made 
to modify the method disclosed in Burn to have the hardware tokens comprise of smartcards. 
This modification would have been obvious because a person having ordinary skill in the art, at 
the time the invention was made, would have been motivated to do so since Burn suggests that 
any type of hardware token can be used, for example a smart card, in par. 31. 
As per claim 11: 

The limitations in claim 1 1 are similar in scope to the limitations disclosed in claim 1, 
thus it is rejected for the same reasons since it is merely the system that implements the rejected 
method claim. 
As per claims 12-20: 

The limitations in claims 12-20 are similar in scope to the limitations disclosed in claims 
3-10, thus it are rejected for the same reasons since they are merely components of the system 
that implement the rejected method claims. 

* References Cited, Not Used 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

1. U.S. Patent No. 5,943,423 

2. U.S. Patent No. 6,438,550 

The above references have been cited because they are relevant due to the manner in which the 
invention has been claimed. 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Nadia Khoshnoodi whose telephone number is (571) 272-3825. 
The examiner can normally be reached on M-F: 8:00-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Nadia Khoshnoodi 
Examiner Art Unit 2137 
4/10/2006 
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